HTTP: BlackBoard Remote PHP Code Inclusion
This signature detects attempts to exploit a vulnerability in the admin.inc.php script that shipped as part of the BlackBoard suite. Attackers can force the admin.inc.php script to include and execute PHP code from a remote source.
Extended Description
BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer. BlackBoard Internet Newsboard System version 1.5.1 is reported prone to this vulnerability. It is possible that prior versions are affected as well.
Affected Products
Blackboard blackboard_internet_newsboard_system
References
BugTraq: 11336
CVE: CVE-2004-1582
URL: http://archives.neohapsis.com/archives/bugtraq/2004-10/0044.html http://www.securityfocus.com/archive/1/377684
Short Name
HTTP:PHP:BLACKBOARD-INC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
BlackBoard CVE-2004-1582 Code Inclusion PHP Remote bid:11336
Release Date
11/03/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Blackboard
CVSS Score
7.5